What is “white glove” IT service?
In professional services firms, some employees’ time is literally worth more than that of others. The firm’s higher-ups know all too well that keeping a $500+ per hour lawyer, doctor, or consultant tied up while IT support configures or updates their PC or troubleshoots performance costs the firm millions of billable dollars every year. To avoid such losses, some provide an elite “white glove” caliber of IT support to resolve issues for top-billing professionals, senior executives, and even preferred customers quickly with the least possible disruption to users.
But even with stellar support, keeping lawyers and other professionals tied up reflects poorly on IT, especially when the only thing they need the user for is to enter credentials and unlock resources. To achieve the ultimate in white glove service, resolution should not only be fast but should free core business professionals from having to lose billable hours at all.
Why not just share passwords?
Most professionals are only too glad to share their passwords with IT if it means not having to burn their own valuable time. This stands to create another set of issues around compliance and Zero Trust authentication since sharing passwords, even with IT, violates Zero Trust best practices—and potentially some non-disclosure agreements (NDAs)—and can break audit trails needed for compliance.
Nor should it work with most logins secured by MFA.
Can MFA prevent the ultimate white glove support?
Whether a billable professional shares his password with IT support or not, logging into the user’s PC might (should) require more than simply entering a password to unlock the machine and their account profile. If the company uses multi-factor authentication in place, the authenticator app or login workflow might require a biometric like a thumb- or fingerprint or 4-digit code texted to the employee’s phone to complete identity verification. That means the employee needs to be there.
In cases like these, MFA strengthens security but poses an impediment to white glove support that could gain professional services firms millions of dollars per year. To satisfy the fundamental challenges inherent in this use case, Secret Double Octopus (SDO) developed a secure way to have trusted IT specialist log in to the end user’s profile on their IT managed computer, instead of with end users, to resolve setup and troubleshooting issues.
Octopus helps NY law firm enable secure white glove service
The impetus to get creative began with a client request from a prestigious New York law firm. The company wanted to equip IT and security professionals to provide white glove IT support without tying up billable professionals or compromising security and compliance. If possible, they wished to upgrade the firm’s existing MFA solution to build the strongest possible authentication at the same time.
The IT team knew a passwordless MFA solution would provide a more secure and phishing-resistant login experience. They considered using Windows Hello for Business (WHfB) to secure the portion of the workforce that was using PCs but realized quickly that Microsoft’s passwordless architecture, which is based on certificates, would require prohibitive changes to implement applications, as well as to the backend identity infrastructure.
Next, they reached out to Guidepoint, a trusted IT solution provider and SDO partner, to explore other options. The Guidepoint team introduced the firm’s leaders to SDO who was able to strengthen and streamline authentication and fulfill the requirement for supporting white glove support.
How it works
SDO’s unique approach allows companies to create secure temporary shared accounts while maintaining high-assurance identity verification with detailed audit logs. Octopus accomplishes this by allowing the Identity Administrator to grant an approved IT Service Technician temporary access to the designated Service Client’s account, making it a shared account temporarily as the technician during the service work.
The technician logs onto the Service Client’s computer locally or remotely as an approved shared account user by completing their own high assurance authentication using the Octopus authenticator to prove they are, in fact, who they claim to be on the computer. Upon successfully authenticating, Octopus completes authentication to the Service Client’s account and logs the technician’s access and actions for auditing purposes. The service technician never directly accesses the Service Client’s account. Only indirectly, with the technician’s authentication validated, will temporary access be granted.
Universal login workflow supports white glove flexibility
Having adopted the Octopus platform, the firm’s IT experts can set up or update PCs and troubleshoot performance issues all on their own, sharing the user’s profile, even at night or during off-peak hours. The law firm began offering shared account authentication for white glove support for users of PCs and plans to roll out the option quickly to users of Macs and other end-user platforms.
Having completed an initial rollout to their first round of white-glove-caliber professionals, the company’s IT leaders plan to extend Octopus passwordless MFA technology to the entire workforce of thousands. Octopus creates a single, unified, flexible login workflow for all workforce applications—another feat WHfB and other solutions cannot do.
Working with SDO provides the law firm with a powerful mix of benefits the team could not find elsewhere. After considering various options for adopting a passwordless MFA solution, decision-makers determined SDO was the only solution able to improve authentication for all users quickly and relieve them of the burden of managing passwords. High-income producers waste far less billable time attending to essential but sometimes time-consuming IT issues. The team is able to provide very exclusive White Glove IT support without putting customer data or audit trails at risk, a dual benefit no other solution could deliver.
What makes Octopus different, and better?
Unlike certificates and FIDO authentication-based passwordless methods, which did not meet the law firm’s complex requirements, Octopus uniquely replaces vulnerable passwords — secrets users know that can be lost, leaked, phished, or intercepted — with machine-generated tokens nobody knows. These ephemeral tokens are valid for a very short time, not long enough to be intercepted or exposed.
The Octopus strategy delivered multiple benefits to the law firm, including:
- Enabling high assurance white glove services
- Compatibility with existing applications and identity infrastructure without costly redesigns
- High-assurance passwordless authentication being expanded enterprise-wide
Want to Learn More?
Explore our One-page Summary to discover how Passwordless Authentication is revolutionizing the Legal Sector or Get a Personalized Demo.